Introduction
This article explains how to secure APIs using an SSL certificate.
Audience
It is assumed that readers of this article know how to set up APIs on API Gateway.
Prerequisites
- Configure the API at API Gateway.
- Create an application and associate the API with the application.
- Refer to the following link to create an API:
https://github.com/SoftwareAG/webmethods-api-gateway
- In this case, the API configured at API Gateway is “b2binboundchannel”.
- SSL certificate and private key
If certificates are not available, generate a public key and private key pair, or use a pair from a certificate authority.
- openssl genpkey -algorithm RSA -out private-key.pem (rename to private-key.key)
- openssl req -new -key private-key.pem -out csr.pem
- openssl x509 -req -days 365 -in csr.pem -signkey private-key.pem -out certificate.pem (rename to certificate.cer)
- openssl x509 -in certificate.pem -text -noout
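The commands above prompt for the subject interactively and do not confirm that the certificate and the key belong together. The shell script below is an added example, not part of the original article: it creates the same pair without prompts, written directly under the final names the article renames to, and checks the pair before it is uploaded to the gateway and configured in Postman. The subject name `b2b-test-client` and the temporary working directory are constructed values.

```shell
#!/bin/sh
# Added example. File names follow the article; the CN is a constructed value.

# Create key, CSR and self-signed certificate without interactive prompts.
gen_client_cert() {  # $1 = output directory, $2 = subject common name
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
        -out "$1/private-key.key" 2>/dev/null || return 1
    chmod 600 "$1/private-key.key"   # private key readable by its owner only
    openssl req -new -key "$1/private-key.key" -subj "/CN=$2" \
        -out "$1/csr.pem" 2>/dev/null || return 1
    openssl x509 -req -days 365 -in "$1/csr.pem" \
        -signkey "$1/private-key.key" -out "$1/certificate.cer" 2>/dev/null
}

# Succeed only if the certificate carries the public half of this private key.
key_matches_cert() {  # $1 = private key file, $2 = certificate file
    from_key=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    from_cert=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$from_key" ] && [ "$from_key" = "$from_cert" ]
}

# Print the SHA-256 fingerprint of the certificate (colon-separated hex).
cert_fingerprint() {  # $1 = certificate file
    openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2
}

# Succeed only if the certificate is still valid the given number of days from now.
valid_for_days() {  # $1 = certificate file, $2 = days
    openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null
}

# Demo run in a throwaway directory.
work=$(mktemp -d)
if gen_client_cert "$work" "b2b-test-client" &&
   key_matches_cert "$work/private-key.key" "$work/certificate.cer" &&
   valid_for_days "$work/certificate.cer" 30; then
    echo "pair OK, fingerprint: $(cert_fingerprint "$work/certificate.cer")"
    openssl x509 -in "$work/certificate.cer" -noout -subject -enddate
fi
rm -rf "$work"
```

The printed subject and expiry date can be compared with the certificate details that appear in the gateway's transaction log after a test request.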
Configure Certificate at API Gateway
- Log in to the API gateway
- Create the application at API Gateway
- Import the public certificate
- In this case, a self-signed certificate is uploaded to the application.
Configure the policy
- Open the API
- Navigate to policies.
- Click on Identify & Access policy.
- Select Identify & Authorize Application.
- Select SSL Certificate and select the registered application from application lookup drop-down menu.
Test Using Postman Client
- Configure the certificate and private key in the Postman client.
Verify the logs at API Gateway
- Navigate to API Gateway.
- Open the API; in this case, it is b2binboundchannel.
- Navigate to the Analytics tab.
- The transaction log shows the details of the certificate that was sent along with the request.
Note: Attaching the self-signed certificates used for this case
Certificates.zip (2.55 KB)